SUSE Package Hub - openSUSE-2023-83

Update Info

openSUSE-2023-83

Security update for nextcloud

Type: security

Severity: important

Issued: 2023-04-03

Description:

This update for nextcloud fixes the following issues:

- Update to 23.0.12
  See: https://nextcloud.com/changelog/#latest23

- This also fix security issues:
  - CVE-2022-35931: Password Policy app could generate passwords that would be block (boo#1203190) 
  - CVE-2022-39346: Missing length validation of user displayname allows to generate an SQL error (boo#1205802)
  - CVE-2023-25579: Potential directory traversal in OC\Files\Node\Folder::getFullPath (boo#1208591)

References

CVE: CVE-2023-25579
CVE: CVE-2022-39346
CVE: CVE-2022-35931
Bugzilla: 1208591 VUL-0: CVE-2023-25579: nextcloud: Potential directory traversal in OC\Files\Node\Folder::getFullPath
Bugzilla: 1205802 VUL-0: CVE-2022-39346: nextcloud: Missing length validation of user displayname allows to generate an SQL error
Bugzilla: 1203190 VUL-1: CVE-2022-35931: nextcloud: Password Policy app could generate passwords that would be block

Packages

nextcloud-23.0.12-bp154.2.3.1